14 matches found
EUVD-2016-4958
Malware in sbrugna...
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure Vulnerability
Exploit for php platform in category web applications. Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure; Versions Affected: SAP NetWeaver 6.4 - 7.5; Vendor URL: http://SAP.com; Bugs: Information disclosure Enumerate users; Date of Public Advisory: 09.02.2016; Reference: SAP...
SAP NetWeaver Web Dynpro Information Disclosure
Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure; Versions Affected: SAP NetWeaver 6.4 - 7.5; Vendor URL: http://SAP.com; Bugs: Information disclosure Enumerate users; Sent: 2016-12-15; Reported: 2016-12-15; Date of Public Advisory: 09.02.2016; Reference: SAP Security Note 23445...
SAP Vulnerability Puts Business Data at Risk for Thousands of Companies
SAP’s patch update for this month included a fix for a critical remote code execution vulnerability in the SAP GUI client that provides remote access to a central SAP server in a corporate network. Researchers at ERPScan, a Dutch company specializing in business application security, disclosed so...
Starbucks: SAP Server - default credentials enabled
@ak1t4 reported that the Starbucks SAP server webgui was exposed to the internet with default TMSADM credentials. Although the risk was flagged as critical by the researcher, Starbucks security along with SAP security team performed an internal assessment on the risk and changed the severity to...
SAP HANA Sinopia - default user creation policy insecure
Application: SAP HANA; Versions Affected: SAP HANA SPS12; Vendor URL: SAP; Bug: Insecure default configuration; Reported: 13.12.2016; Vendor response: 14.12.2016; Date of Public Advisory: 14.02.2017; Reference: SAP Security Note 2407694; Author: Mathieu Geli ERPScan; VULNERABILITY INFORMATION Class:...
CVE-2016-3946
SAP Console aka SAPConsole 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...
Code injection
SAP Console aka SAPConsole 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...
CVE-2016-3946
SAP Console aka SAPConsole 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...
CVE-2016-3946
SAP Console (aka SAPConsole) 7.30 is affected by an information disclosure vulnerability where local users can read the Windows registry to obtain SAP Server login credentials. Root cause: insecure handling/storage of credentials in the Windows registry as described in SAP Security Note 2121461. ...
SAP NetWeaver Classification - SMB Relay vulnerability
Application: SAP NetWeaver CA-CL; Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68; Vendor URL: http://www.sap.com; Bugs: SMB Relay; Exploits: YES; Reported: 11.12.2012; Vendor response: 12.12.2012; Date of SAP Security Note Published: 12.03.2013; Date of Public Advisory: 12.03.2013; Reference:...
SAP-Server-MaxDB
SAP Server 7.7.06.09 is vulnerable to a remote buffer overflow attack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process...
SAP NetWeaver Logviewer - Security Check Bypass
Application: SAP NetWeaver Logviewer; Versions Affected: SAP NetWeaver Logviewer 6.30; Vendor URL: http://www.sap.com; Bugs: Security Bypass; Exploits: YES; Reported: 24.06.2010; Vendor response: 25.06.2010; Date of SAP Security Note Published: 12.03.2013; Date of Public Advisory: 13.03.2013; Reference: S...
Security update 1970-01-01
...